Belden disclosed two high-severity vulnerabilities in Hirschmann Industrial HiVision that can lead to arbitrary code execution. The more serious issue, tracked as CVE-2017-20237, is an authentication bypass in the product's master service that affects versions prior to 06.0.07 and 07.0.03. An unauthenticated remote attacker can invoke exposed interface methods and execute commands with administrative privileges on the underlying operating system, creating a full remote code execution path with high impact to confidentiality, integrity, and availability.
A second flaw, CVE-2022-4987, affects 08.1.03 prior to 08.1.04 and 08.2.00 and stems from improper sanitization of paths used to launch user-configured external applications. In that scenario, a low-privileged local attacker can place a malicious binary in the execution path so it runs instead of the intended program, potentially gaining elevated execution depending on deployment context. The vulnerabilities were documented in Belden security guidance and VulnCheck advisories, highlighting both remote and local routes to code execution in Industrial HiVision deployments.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
VulnCheck recorded both CVE-2017-20237 and CVE-2022-4987 as newly received by disclosure@vulncheck.com, adding vulnerability history details and references to the Belden bulletin and VulnCheck advisory. This marks the public cataloging of the two Hirschmann Industrial HiVision vulnerabilities in the referenced feed.
Belden published a security bulletin for CVE-2022-4987 in Hirschmann Industrial HiVision. The issue affects version 08.1.03 prior to 08.1.04 and version 08.2.00, allowing a local low-privilege attacker to hijack execution of external applications and potentially achieve arbitrary code execution with elevated privileges.
Belden published a security bulletin for CVE-2017-20237 affecting Hirschmann Industrial HiVision. The flaw impacts versions prior to 06.0.07 and 07.0.03 and allows unauthenticated remote attackers to invoke exposed interface methods and execute arbitrary commands with administrative privileges.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
cvefeed.io
Open sourcecvefeed.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.